vcl 4.1;
import std;
backend default {
.host = "plik";
.port = "8080";
.max_connections = 100;
.probe = {
.url = "/";
.interval = 10s;
.timeout = 5s;
.window = 5;
.threshold = 3;
}
.connect_timeout = 5s;
.first_byte_timeout = 90s;
.between_bytes_timeout = 2s;
}
acl purge {
"localhost";
"127.0.0.1";
"::1";
}
sub vcl_recv {
unset req.http.x-cache;
unset req.http.x-cache-hits;
set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
unset req.http.proxy;
set req.backend_hint = default;
# gzip
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|jpeg|png|JPG|JPEG|PNG|BMP|bmp|tiff|TIFF|jiff|SVG|svg|webp|WEBP|gif|GIF|png|PNG|ico|ICO|js|css|JS|CSS|html|htm|txt|TXT|HTM|HTM|eot|ttf|woff|woff2)$") {
unset req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate" &&
req.http.user-agent !~ "MSIE") {
set req.http.Accept-Encoding = "deflate";
} else {
unset req.http.Accept-Encoding;
}
}
set req.url = std.querysort(req.url);
set req.url = regsub(req.url, "\?$", "");
set req.http.Surrogate-Capability = "key=ESI/1.0";
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
}
else {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.method == "PURGE") {
if (!client.ip ~ purge) {
return(synth(405, "Not allowed."));
}
return (hash);
}
if (req.method == "BAN") {
# Same ACL check as above:
if (!client.ip ~ purge) {
return(synth(405, "Not allowed."));
}
}
if (
req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "PATCH" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "DELETE"
) {
return (pipe);
}
# Remove tracking query string parameters used by analytics tools
if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") {
set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
set req.url = regsub(req.url, "\?&", "?");
set req.url = regsub(req.url, "\?$", "");
}
# Only cache GET and HEAD requests
if ((req.method != "GET" && req.method != "HEAD") || req.http.Authorization) {
return(pass);
}
if (req.url ~ "^/status\.php$" ||
req.url ~ "^/update\.php$" ||
req.url ~ "^/admin$" ||
req.url ~ "^/admin/.*$" ||
req.url ~ "^/flag/.*$" ||
req.url ~ "^.*/ajax/.*$" ||
req.url ~ "^.*/ahah/.*$") {
return (pass);
}
if (req.http.Cookie) {
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
if (req.http.cookie ~ "^\s*$") {
unset req.http.cookie;
} else {
return(pass);
}
}
return(hash);
}
sub vcl_hit {
set req.http.x-cache = "hit";
if (obj.ttl <= 0s && obj.grace > 0s) {
set req.http.x-cache = "hit graced";
}
}
sub vcl_miss {
set req.http.x-cache = "miss";
}
sub vcl_pass {
set req.http.x-cache = "pass";
}
sub vcl_pipe {
set req.http.x-cache = "pipe uncacheable";
}
sub vcl_hash {
hash_data(req.http.X-Forwarded-Proto);
}
sub vcl_backend_response {
set beresp.http.X-Url = bereq.url;
set beresp.http.X-Host = bereq.http.host;
if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) {
set beresp.ttl = 10m;
}
/* Request retrial */
if ( beresp.status == 500 || beresp.status == 503 ) {
#TODO# consider not restarting POST requests as seenV3 on https://www.varnish-cache.org/trac/wiki/VCLExampleSaintMode
return (retry);
}
if (beresp.http.url ~ "\.(3gp|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlss|pdf|iso|7Z|RAR|ZIP)$") {
set beresp.do_gzip = false;
} else {
set beresp.do_gzip = true;
#set beresp.http.X-Cache = "ZIP";
}
if (bereq.url ~ "^[^?]*\.(jpg|jpeg|png|JPG|JPEG|PNG|BMP|bmp|tiff|TIFF|jiff|SVG|svg|webp|WEBP)(\?.*)?$") {
unset beresp.http.Set-Cookie;
set beresp.grace = 1h;
}
if (bereq.url ~ "^[^?]*\.(gif|GIF|png|PNG|ico|ICO)(\?.*)?$") {
unset beresp.http.Set-Cookie;
set beresp.grace = 2h;
}
if (bereq.url ~ "^[^?]*\.(js|css|JS|CSS)(\?.*)?$") {
unset beresp.http.Set-Cookie;
set beresp.grace = 2h;
}
if (bereq.url ~ "^[^?]*\.(html|htm|txt|TXT|HTM|HTML)(\?.*)?$") {
unset beresp.http.Set-Cookie;
set beresp.grace = 30m;
}
if (bereq.url ~ "^[^?]*\.(eot|ttf|woff|woff2)(\?.*)?$") {
unset beresp.http.Set-Cookie;
set beresp.grace = 2h;
}
if (bereq.url ~ "^[^?]*\.(3gp|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlss|pdf|iso|7Z|RAR|ZIP)(\?.*)?$") {
unset beresp.http.Set-Cookie;
set beresp.grace = 10m;
}
if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
unset beresp.http.Surrogate-Control;
set beresp.do_esi = true;
}
set beresp.grace = 10m;
set beresp.keep = 10m;
}
sub vcl_deliver {
unset resp.http.X-Url;
unset resp.http.X-Host;
unset resp.http.Cache-Tags;
unset resp.http.X-Drupal-Cache-Contexts;
if (resp.http.Content-Type ~ "video/(mp4|webm|ogg|x-msvideo|x-matroska|mpeg|quicktime|3gpp|3gpp2|x-flv|avi|x-ms-wmv)$") {
set resp.http.Cache-Control = "public, max-age=259200"; # 3 dni
}
elseif (resp.http.Content-Type ~ "audio/(mpeg|mp3|ogg|wav|x-wav|webm|aac|flac|midi|x-midi|x-aiff|aiff|x-mpegurl|x-ms-wma)$") {
set resp.http.Cache-Control = "public, max-age=259200";
}
elseif (resp.http.Content-Type ~ "application/(zip|x-tar|rar|x-7z-compressed|gzip|x-bzip2|x-bzip|octet-stream|x-rar-compressed|x-gzip|x-xz|x-lzma|x-iso9660-image)$") {
set resp.http.Cache-Control = "public, max-age=3600";
}
elseif (resp.http.Content-Type ~ "image/(jpeg|jpg|jpe|png|gif|bmp|webp|svg\+xml|svg|tiff|tif|x-icon|vnd.microsoft.icon|heic|heif|avif|jp2|jpx|j2k|j2c|x-portable-pixmap|x-portable-bitmap|x-portable-graymap|x-portable-anymap|x-xbitmap|x-xpixmap|x-cmu-raster|x-sun-raster|x-adobe-dng|psd|x-photoshop|x-xcf|xcf|ico|cur)$") {
set resp.http.Cache-Control = "public, max-age=759200";
}
elseif (resp.http.Content-Type ~ "text/(plain|csv|css|html|xml|javascript|markdown|x-markdown|tab-separated-values|richtext|x-c|x-c++|x-java-source|x-shellscript|x-python|x-perl|x-php|x-ruby|x-yaml|x-sql|x-pascal|x-asm|x-tcl|x-sh|x-fortran|calendar|vnd.curl|vnd.wap.wml|vnd.wap.wmlscript|x-setext)$" ||
resp.http.Content-Type ~ "application/(json|xml|x-yaml|x-tar|x-latex|x-tex|x-bibtex|x-sql|x-javascript|x-lua|x-perl|x-python|x-ruby|x-csh|x-php|x-httpd-php|x-shellscript|x-javascript-config)$") {
set resp.http.Cache-Control = "public, max-age=2592000"; # 1 miesiÄ…c (30 dni)
}
unset resp.http.Expires;
unset resp.http.Pragma;
if (obj.uncacheable) {
set req.http.x-cache = req.http.x-cache;
} else {
set req.http.x-cache = req.http.x-cache;
}
if (obj.hits > 0 ) {
set resp.http.x-cache = req.http.x-cache;
set resp.http.x-cache-hits = obj.hits;
} else {
unset resp.http.Age;
}
unset resp.http.X-Varnish;
unset resp.http.Via;
unset resp.http.Server;
if (resp.status == 403 || resp.status == 404 || resp.status == 500 || resp.status == 503) {
return (synth(800, "Maintenance page"));
}
}
sub vcl_synth {
set req.http.x-cache = "synth synth";
if ( resp.status == 503 && req.restarts < 4 ) {
return (restart);
}
if (resp.status == 800) {
set resp.http.Content-Type = "text/html; charset=utf-8";
set resp.status = 404;
set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0";
synthetic( {"
"} + resp.status + " " + resp.reason + {"
Error "} + resp.status + " " + {"
"} + resp.reason + {"
Server says
XID: "} + req.xid + {"
Edge-Server: "} + server.hostname + {"
1.0
"} );
return(deliver);
}
}